A GitHub repo was created by the A.R.E maintainer for easy installation and updating; however, the rapid development of each individual project above does not stay in sync with updates to the A.R.E GitHub repo. This is why AREsoft-updater was created.

AREsoft-updater is an updater script for the Android Reverse Engineering software that belongs to the ARE VM from the Honeynet Project.

AREsoft-updater will check for the latest available version of each individual project/tool listed above and compare it with the local (installed) version in A.R.E. If a newer version is available, AREsoft-updater will automatically download and install the update for your A.R.E.

A few nights ago I saw a Twitter update from @pentestit about a project called PHP-Shell-Detector, a PHP script that helps you find and identify php/cgi(perl)/asp/aspx shells.

My friends and I were a bit disappointed because we had developed the same thing but, for no reason, had not yet released it to the public.

But speaking of PHP-Shell-Detector, new stuff still needs to be tested 🙂 so I’ve put it to the test.

I tested it with a webshell I found in the wild. Impressive: PHP-Shell-Detector managed to detect it. The GUI and AJAX were nice as well.

I spent some time looking at the code and found that the “suspicious functions used” part was implemented with regex, and I found that something was missing. So I created a simple webshell to test my theory. Here is my code:

<?php
$cmd = $_GET['cmd'];
echo `$cmd`;
?>

And let’s see the result:

This is because the backtick is not in the regex, and I believe it is not in the signature part either.

I reported this issue on the GitHub page and came up with a regex and tokenizer suggestion as the solution, but from the response I got, I don’t think it will be implemented any time soon.
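One way a tokenizer-based check for the missing backtick case could look, as an added example that is neither the suggestion filed on GitHub nor PHP-Shell-Detector's own code. The function name `find_shell_execution`, the `SHELL_FUNCS` list and both sample files are assumptions constructed for illustration.

```php
<?php
// Added example, not PHP-Shell-Detector code. SHELL_FUNCS is an assumed, illustrative list.
const SHELL_FUNCS = ['system', 'exec', 'shell_exec', 'passthru', 'popen', 'proc_open'];

// Returns [line, description] pairs for shell execution found in $source.
function find_shell_execution(string $source): array
{
    $tokens = token_get_all($source);
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $findings = [];
    $line = 1;
    $open = false; // true while inside a `...` expression

    foreach ($tokens as $i => $tok) {
        if (is_string($tok)) {
            // One-character tokens are plain strings. A "`" here is always the execution
            // operator: backticks in quotes or comments stay inside those tokens.
            if ($tok === '`' && ($open = !$open)) { // toggle; report the opening one only
                $findings[] = [$line, 'backtick operator'];
            }
            continue;
        }
        [$id, $text, $start] = $tok;
        if ($id === T_STRING && in_array(strtolower($text), SHELL_FUNCS, true)) {
            // Count it only when it is called: the next significant token is "(".
            $j = $i + 1;
            while (is_array($tokens[$j] ?? null) && in_array($tokens[$j][0], $skip, true)) {
                $j++;
            }
            if (($tokens[$j] ?? null) === '(') {
                $findings[] = [$start, strtolower($text) . '() call'];
            }
        }
        $line = $start + substr_count($text, "\n"); // line where this token ends
    }
    return $findings;
}

// Constructed samples: the test shell from this post, and a benign file that a
// plain regex for backticks or "system" would flag.
$samples = [
    'test-shell.php' => "<?php\n\$cmd = \$_GET['cmd'];\necho `\$cmd`;\n?>",
    'benign.php'     => "<?php\n// system() is not called here\necho 'run `ls` yourself';\n",
];
foreach ($samples as $name => $src) {
    foreach (find_shell_execution($src) as [$ln, $what]) {
        echo "$name:$ln: $what\n";
    }
}
```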

Anyway, overall PHP-Shell-Detector is a good project and will help webmasters simplify the process of “searching” for hidden planted shells on their websites.